Blog un po' nerd

Nerd is the new Hipster


Stored XSS via cloud attachment

Posted on 20 January 2018 | Author luigi

ZOHO Mail is a business mail service that includes integrated calendar, contacts, notes, and tasks apps. Initially I was looking for a stored XSS in the webmail, but I did not find one, so I started checking the other services. I wondered if it was possible to inject malicious code via attachments in ZOHO Notes. By …

Stored XSS in touch.mail.ru

Posted on 27 December 2017 | Author luigi

This is my first public disclosure on HackerOne. It is a partial disclosure, but the summary is clear: there was a stored XSS in the image preview feature via a crafted attachment filename.

#275274 – touch.mail.ru/messages – Stored XSS

07/10/2017 – I sent the report
11/10/2017 – The vulnerability is fixed and the bug bounty reward …

XSSSonar: python tool to look for XSS

Posted on 16 December 2017 | Author luigi

In my spare time I like to participate in bug bounty programs. They are a hard challenge, but it is satisfying to find vulnerabilities in big companies. I usually look for XSS vulnerabilities, so I have written a small Python script to automate the search for XSS. XSSSonar is an open …
